branch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly reads GitHub issue metadata (see "Optional issue metadata enrichment" with gh issue view <issue> --json number,title,labels) and the workflow (steps 2 and 4) uses issue labels and titles — untrusted, user-generated GitHub content — to choose branch type and construct branch names and subsequent actions, so third-party issue content can materially influence behavior.